If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

First of all, you speak of truecrypt encrypting your BT5 installation, which is not possible.
You can achieve a full-disk-encryption dual-boot, but not with just Truecrypt.

The idea is simple:
Both operating systems are encrypted, with the truecrypt bootloader in the MBR of the bootdisk
and the BT bootloader in the MBR of the second HDD.

This is how you do it:
You install W7 (already did), then you install Truecrypt and encrypt your whole drive.
Make sure Truecrypt installs its bootloader in the MBR of the bootdisk (the disk
you are going to install windows on).

During this process, you will have to reboot and test the bootloader,
in order to make sure it is all working. After this, truecrypt can begin the actual encryption
(which takes long!). You might want to wait with this,
because it takes very long and you will have to do it again if you screwup during
the process of installing BT, so just leave it unencrypted (note that the bootloader
is already installed in the MBR).

Now, you boot your BT stick.
Partition your second disk.
I like fdisk but you can also apt-get install gparted,
so that you have a graphical interface for the partitioning of your drive.

You need two partitions, a boot partition and a root partition.
Make your boot partition at least 200 Mb (I've had problems with this,
so I always make my boot partition 512Mb) and leave the rest for the root partition.

Install the needed programs for the encryption:
apt-get install hashalot

The next step is very important and should be executed
very carefully!
"cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdXY",
where X stands for your drive letter, and Y stands for the partition number.
Be carefull with this because you can mess up your windows installation!
You'll have to check which is the drive for your BT installation.
Use the tool you like to check which letter stands for your drive.
If all went ok, you should have four partitions:
- 100Mb W7 boot partition
- Rest of the disk W7 root partition
- 512Mb BT boot partition
- Rest of the disk BT root partition

Execute the command and type in your desired password twice.
Now execute this command to open your newly created encrypted partition:
"cryptsetup luksOpen /dev/sdXY pvcrypt"
Execute these commands:
"pvcreate /dev/mapper/pvcrypt"
"vgcreate vg /dev/mapper/pvcrypt"
Now, in order to create a (encrypted) swap partition,
execute the following command:
"lvcreate -n swap -L XG vg",
where the X stands for the amount of gigabytes for
your swap partition (use the amount of ram you have).
Execute the following command to create the root partition
inside the encrypted partition, next to the swap partition:
"lvcreate -n root -l 100%FREE vg"
Execute:
"mkswap /dev/mapper/vg-swap"
"mkfs.ext4 /dev/mapper/vg-root"

Finally, ready to install BT to the created partitions.
Click on install.sh on your desktop.

Proceed with the installer until it says
"Prepare disk space"
Select manually.
Select the first partition of the drive (/dev/sdX1)
and make it ext4, let it be formatted and set mount point: /boot
Select "/dev/mapper/vg-root", make it ext4, let it be formatted en set mount point: /
Select "/dev/mapper/vg-swap", make it swap (should be already, but just to make sure).
Click forward and then advanced (VERY IMPORTANT).
Select the second drive (/dev/sdX) and let the BT's bootloader get installed.
Click install and wait.
Click "Continue testing".

You are now editing a file.
Add the following:
pvcrypt /dev/sdX2 none luks
/dev/sdX2 should be the encrypted partition (you created
with this command: cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdXY)

Quit vi (:wq) and execute:
vi /etc/fstab
Change te line about the root partition (the only line with "/" in it. NOT /boot!),
make it: "/dev/mapper/vg-root / ext4 defaults 0 1"

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

Hi,
Thanks for this nice tutorial. I'm looking into using this to setup a sole encrypted BT5 install on a hdd and then copy in a BT5 environment I've been using and tweaking for several time. The setup I'm using now has been installed without encryption and after sometime using it want to switch to an encrypted setup.

Would it possible to make a "dd" backup of the existing partition to a external HD, setup the boot-partition and encrypted root-partiton how you describe it and then copy in the boot-dir from the backup to the new boot partition, copy the rest of the backup to the new encrypted partition, update the fstab and cryptab files according to your tutorial, update the grub config file with the new UUID and then run everything?

I haven't tried it yet, but I'm wondering if this could work and if I'm forgetting something before rendering my BT5-setup unusable ;-)

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

I looked into this a long time ago, and was unable to achieve any success at getting the bootloaders to chain correctly.

I installed Win7, converted to hidden OS using truecrypt.

DD'ed a working BT installation into the hidden OS partition, then installed Win7 as decoy operating system.

TC works correctly. Decoy password boots the decoy Win7 installation, but the password for the hidden OS would not chain to grub. I toyed around with it for awhile, but am not overly skilled with bootloaders. I think someone smarter than me in that area could figure it out, but I had no joy.

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

Hi,

I got everyhting working. Installed exactly like the tutorial above. After that started up from a bt disk, mounted the partitions and saved the working crypttab and fstab files somewhere else. Rm -rf the newly cretaed BT5 partition. Mounted another disk with a backup of a working BT installation and restored that into the now empty encrypted partition. After that replaced the restored fstab and crypttab files with the ones I saved away before. Rebooting and it's working. I had to reinstall the nvidia drivers though.

At least for a few days... Since today I cannot boot into the encrypted partiton anymore. Getting the error message that /dev/mapper/vg-root doesn't exist anymore, just suddenly?

Anyway I got it working but it is way to buggy and to much hassle for a real working system that has to be used daily, so I'm reverting back to an unencrypted system. Better of using a Truecrypt container for secure storage of files etc. Far more easy in daily use.

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

I am also getting this issue after working for a day. What did you do to fix this issue? It would be nice if more people when running into an issue shared with others what they did to resolve it. Thanks!

Re: TRUECRYPT - Dual Boot Win7 + Backtrack 5r3

I have tried and tried and tried, but after ages, im back on the forum

Followed this tutorial to the letter.....Which is awesome by the way.

But my truecrypt boot loader refuses to find any other disk. When i push [ESC] it just says "No additional partitions found"
I can still access my 2nd HDD with BT5 through my BIOS, but this is annoying. Does anyone know how to fix this problem?

Scroll to the bottom and find the troubleshooting bit.....Basically the error is coz, your boot up has lost its decription capabilities....so these links say to boot from the live cd, mount the partitions and re-install the cryptsetup.....After thinking i realised that i ran "apt-get autoremove" and it removed cryptsetup, and then ran the build initframs process which is used during the inital install process.....

So learned something today...if ever see initfrans running, check that cryptsetup is still installed then re-run initframs